IOC Radar
IPMediumSignal 41/100

139.87.113.24

Location
United StatesUnited States
Montreal, Quebec
ASN
AS6142
Oracle Public Cloud
First Seen
May 22, 2025
Last Seen
Apr 15, 2026
May 22
First Seen
384d ago
Apr 15
Last Seen
55d ago
8
Reports
source reports
41%
Confidence
medium
5/91
VirusTotal
detections
Found in 8 reports. Confidence: medium. · Confidence scores are heuristic. Verify before acting on results.
IPv4 Address
Network layer indicator observed in threat reports.
MISP Category
Network Activity
Confidence
41%
Signal Score
41 / 100
IDS Rule
No
Threat Context
Tags
MITRE ATT&CK

MITRE ATT&CK TTPs

42 techniques

Network Information

CountryUSUnited States
RegionMontreal, Quebec
ASNAS6142
OrganizationOracle Public Cloud

Feed Intelligence Summary

8 reports41% confidence
8
Source reports
41%
Confidence score
Category tags
active scanactive scanningapacheapache camelapache tomcatback orificebeningbening scannerbotnetbotnet activitybrute forcebrute force attackbrute_forcecamelcanadacode executioncode injectioncode injection vulnerabilitycode segmentcommand and controlcommand executioncommunication protocolcookiecredential accesscredential stuffingcredential_accessd-link hnapdata exfiltrationdata injectiondata store exposuredatabase securityddosdenial of servicedistributed attacksexploitexploitation activityfigurefirstftpgpon vulnerabilityhackinghalosecurity-benignhardcoded credentialsheader hijackingheader hijacking attackhttp puthttp requesthttp scanneridentity & access exploitationindicatorinjection activityinjection attacksiot exploitationiot securitymalicious softwaremalwarenettynetworknetwork securitynetwork_reconnaissancenorth americapartial putpartial put attackpartial put vulnerabilitypassword attacksprocess injectionprotocol exploitationqualys-benignransomwarercereconnaissanceremote accessremote code executionremote servicesresearchedrouter exploitationscannerscripting attackssoap injectionssh attacksystembct1021t1021.001t1040t1046t1055t1059t1059.003t1059.004t1059.007t1068t1071.001t1076t1078t1082t1110t1110.001t1110.002t1110.003t1110.004t1189t1190t1192t1203t1210t1213t1486t1496t1499.001t1499.002t1499.003t1505t1505.003t1550.002t1555t1562.001t1563t1565t1588t1595t1595.001t1595.002t1595.003telnet threattomcatunauthenticated vulnerabilityunited statesverified-benignvulnerabilityvulnerability scanweb app attackweb application attackweb attackweb exploitationweb server exploitweb trafficzgrabzivif camera

Activity Timeline

1 total obs
Apr 15Apr 15

Threat Activity Heatmap

· Peak: 2026-04-15
Less
More
Mon
Wed
Fri
Jun
·
·
·
Jul
·
·
·
Aug
·
·
·
Sep
·
·
·
·
Oct
·
·
·
Nov
·
·
·
Dec
·
·
·
·
Jan
·
·
·
Feb
·
·
·
Mar
·
·
·
·
Apr
·
·
·
May
·
·
·
Jun
24h
0
Dormant
7d
0
Dormant
30d
0
Dormant
3mo
1
Minimal
Threat ScoreMedium Risk
41
SIGNAL
Signal Score
41%
Confidence
8
Reports
First seenMay 22, 2025
Last seenApr 15, 2026
GeolocationUS
CountryUnited States
LocationMontreal, Quebec
ASNAS6142
OrgOracle Public Cloud
Coords45.5019, -73.5674

VirusTotal

5/ 91vendors flagged
5% detection rateJun 8, 2026

WHOIS

raw
Oracle Corporation OC-195 (NET-139-87-0-0-1) 139.87.0.0 - 139.87.255.255 Oracle Public Cloud OC-195 (NET-139-87-0-0-2) 139.87.0.0 - 139.87.255.255

Export & API

STIX 2.1 Bundle
CSV Export
Permalink

IOC Journey

medium
First detected 1 year ago · Last seen 1 month ago
Appeared in 8 threat reports